[jira] [Commented] (PROTON-2594) Use of HSM for crypto opterations with the private key of a TLS certificate

Tue, 29 Oct 2024 11:43:05 -0700 


    [ 
https://issues.apache.org/jira/browse/PROTON-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893956#comment-17893956
 ] 

ASF GitHub Bot commented on PROTON-2594:
----------------------------------------

a3f commented on PR #430:
URL: https://github.com/apache/qpid-proton/pull/430#issuecomment-2445066361

   I added a `pkc11_test` that receives `pkcs11:` URIs for both server and 
client certificates and keys via environment variables. A script executed by CI 
adds the PEM files available in tree to a SoftHSM and exports said environment 
variables.
   
   The test is skipped without being marked as failure whenever the environment 
variables are missing as not break other users running the test suite, but 
lacking the prerequisites.
   
   This works fine locally, but unfortunately fails in CI and I am not sure why.
   
   @astitcher How would you go about debugging issues that only fail in CI? I 
tried https://github.com/nektos/act, but I don't have a docker image that looks 
sufficiently enough like the Github runner VM images, so it's able to execute 
the tests as-is.




> Use of HSM for crypto opterations with the private key of a TLS certificate
> ---------------------------------------------------------------------------
>
>                 Key: PROTON-2594
>                 URL: https://issues.apache.org/jira/browse/PROTON-2594
>             Project: Qpid Proton
>          Issue Type: New Feature
>          Components: cpp-binding, proton-c
>            Reporter: Franz Hollerer
>            Priority: Major
>         Attachments: pn2594.c
>
>
> We use a Hardware Security Module with PKCS#11 Interface (to be more 
> specific: OP-TEE) as key store. This key store holds the public and private 
> key for a TLS certificate for the purpose of client authentication.
> Is there a way to instruct proton-qpid to use the HSM for cryptographic 
> operations with the private key?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to